I am trying to clean up a PC for a friend (big mess) and need to work only in SAFE MODE due to security popups, etc. Had to fix the registry just to allow EXE files to execute. Downloaded MB and it fails so I aborted it when it found about 50 problems and cleaned them. Now it runs clean until it aborts. It is happening in TEMP files and when I try to go in to delete them explorer dies.
I did manage to get an OTS log… see attached.
Thanks
EDIT: Running Combofix now…it found rootkit issues …(windows\system32\kdqyw.exe)… and is rebooting… I will attach logs when it completes
Close all browser windows.
Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
ComboFix will re-run. When finished, it will produce a log for you.
Attach the contents of the log in your next reply. (typical location: C:\ComboFix.txt )
I was finally able to get Avast downloaded and it found 23 problems that were all moved to chest… doing an Avast boot scan now. Looks like things are much better.
Why not just wait for me until I analyze the system? :D
Have you done what I wrote for the CFScript?
…attach fresh CF log made after CFScript. Note: first temporarily disable your AntiVirus.
The CF log seems clean and there are no traces of active malware. Your PC is clean.
It is necessary to uninstall Combofix
Start >> Run
Combofix /Uninstall
Enter. Then do the following. Create a registry file.
Open Notepad and Copy/Paste everything from the Code box into Notepad:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast5"="\"C:\\Program Files\\Alwil Software\\Avast5\\avastUI.exe\" /nogui"
* Go to File > Save As
* Save File name as nogui.reg
* Change Save as Type to All Files and save the file to your Desktop
* Double-click nogui.reg on your Desktop
* When it asks if you want to merge the info to the registry, hit YES/OK
Reboot computer
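
Before merging a .reg file copied from a forum post, it helps to list exactly which keys and values it will write. The following is an added example, not part of the original thread or of any tool mentioned in it: a small Python parser (the names `parse_reg`, `AUTOSTART_SUFFIXES` and `SAMPLE` are assumptions made here) that reads the nogui.reg text from the post above and flags values written under the Run/RunOnce autostart keys.

```python
import re

# Autostart keys to flag (constructed short list, not exhaustive).
AUTOSTART_SUFFIXES = (
    r"\software\microsoft\windows\currentversion\run",
    r"\software\microsoft\windows\currentversion\runonce",
)
HEADERS = ("Windows Registry Editor Version 5.00", "REGEDIT4")
VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$')

# Constructed sample: the nogui.reg text from the post above.
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast5"="\"C:\\Program Files\\Alwil Software\\Avast5\\avastUI.exe\" /nogui"
'''


def unescape(s):
    # .reg strings escape backslash and double quote with a backslash.
    return re.sub(r"\\(.)", r"\1", s)


def parse_reg(text):
    """List (key, value_name, data, is_autostart) for every value the file sets."""
    # Join hex values that continue onto the next line with a trailing backslash.
    text = re.sub(r",\\\r?\n[ \t]*", ",", text.lstrip("\ufeff"))
    lines = text.splitlines()
    if not lines or lines[0].strip() not in HEADERS:
        raise ValueError("missing .reg header")
    changes, key = [], None
    for raw in lines[1:]:
        line = raw.strip()
        if not line or line.startswith(";"):
            continue  # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            continue
        m = VALUE_RE.match(line)
        if m is None or key is None:
            raise ValueError(f"unrecognised line: {line!r}")
        name = "(Default)" if m.group(1) == "@" else unescape(m.group(1)[1:-1])
        data = m.group(2)
        if len(data) >= 2 and data[0] == data[-1] == '"':
            data = unescape(data[1:-1])
        changes.append((key, name, data, key.lower().endswith(AUTOSTART_SUFFIXES)))
    return changes


if __name__ == "__main__":
    for key, name, data, autostart in parse_reg(SAMPLE):
        print("AUTOSTART" if autostart else "other", key, name, data, sep=" | ")
```

Any line the parser does not recognise raises an error instead of being skipped, so a file with unexpected content is not reported as harmless.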